apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: {{ template "app.name" . }}
  labels:
    {{- include "app.labels" . | nindent 4 }}
rules:
- apiGroups:
  - ""
  resources:
  - pods
  - namespaces
  verbs:
  - list
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
{{- if and .Values.args (hasKey .Values.args "targets") .Values.args.targets (contains "configmap" (coalesce .Values.args.targets "git")) }}
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - get
  - create
  - list
  - delete
{{- end }}
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - pods
  verbs:
  - watch
{{- if .Values.jobImageMode }}
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
  - delete
- apiGroups:
  - batch
  resources:
  - jobs
  verbs:
  - get
  - create
  - delete
{{- end }}